1 Answer

Commenting on the overall security model is a much more complex answer as many moving parts are involved, from initial blockchain syncing to cut-through. But to answer your specific questions:

Quantum computing

MimbleWimble is not very well prepared for quantum computing as it's intricately tied to Elliptic Curve Cryptography (ECC). But the full picture is a little more complex.

First, one has to define "quantum computing" further. Shor's algorithm would require several hundred qubits to break ECC. Modern quantum computers with higher qubit counts rely on quantum annealing, which is a different "kind" of quantum computer, much more limited in function, and can't implement Shor's algorithm.

Second, there's early indication that quantum-resistant algorithms may exist with properties similar to ECC that could be used for MimbleWimble. They're mostly untested in the field, so it will require some time, but the above points show we do have some time.

Overall, quantum computers that can break ECDSA are still years away. So starting with ECC which is well proven and migrating to quantum resistant algorithms when they're mature seems like a good approach.

Miner trust and "Classic" Bitcoin attacks

MimbleWimble has the same miner trust model as Bitcoin, and the same exposure to 51% attacks and DDoS (although in the case of DDoS, resistance is more implementation-specific than algorithmic). MimbleWimble is more resistant to Sybil attacks than Bitcoin because it's impossible to fake the current chain state.

Light Clients

At this point, light clients are completely unspecified. However, assuming a UTXO set commitment in the header and a few other sane measures, tricking a client into trusting an invalid transaction would be extremely hard.

Can you elaborate and/or give references for quantum resistant algorithms? If I understand correctly the required properties are partially homomorphic encryption, and zk range proofs to constrain the additive property, but these two witness values don't need to be based on the same crypto, right?
– nothingmuch Sep 3 '17 at 22:23